Last modified: 2014-01-07 22:48:55 UTC
Users may not be aware of metadata embedded in files they're uploading; it would be beneficial from a privacy perspective to embed the location fields by default if information from the image has been extracted and filled into those fields. This makes it more visible to the user what's going on, and gives them the option to blank out the fields if there are privacy reasons to do so (e.g. photo taken in a private home).
This is the default (for gps. Some other rare location fields aren't shown by default). Commons (peobably accidentally) has it overriden in https://commons.wikimedia.org/wiki/MediaWiki:Metadata-fields That said, I've often thought we should have a better system where the msg overrides defaults instead of being an exhaustive list. Then people could customize it without hiding future fields+would work better with extensions. I also think there is more then a couple other fields that should be added to that list.
(In reply to comment #1) > This is the default (for gps. Some other rare location fields aren't shown by > default). Commons (peobably accidentally) has it overriden in > https://commons.wikimedia.org/wiki/MediaWiki:Metadata-fields > > That said, I've often thought we should have a better system where the msg > overrides defaults instead of being an exhaustive list. Then people could > customize it without hiding future fields+would work better with extensions. > I > also think there is more then a couple other fields that should be added to > that list. Sorry, didn't read component, thought you meant on image description page, not in upload wizard.
Usability-wise, this makes sense; I don't see how it would help with privacy, though, unless UploadWizard actually changes the file when the location fields are updated.
Duh :-) Yes, you're right of course, unless we make it easy to strip metadata completely, this won't help much with privacy and indeed might mislead users into thinking otherwise. EXIF privacy probably requires a more systematic approach, such as a per-file indicator saying "This files includes embedded metadata" which, when clicked, makes it possible to selectively remove fields (which should also remove them from any templates they're automatically parsed into). Does that sound reasonable?
CC-ing Pau - this might be interesting for the UI redesign [1]. Erik: I assume this should be built into Special:Upload as well? Also, does this make sense for other fields than location? EXIF can have author name and date - much less sensitive than location, but once we have a solution, it is probably easy to extend to other fields. We should also consider whether there will be any usability problems created by the fact that the file on the user's disk and the file on the wiki is not the same anymore. If he tries to reupload the file, hash-based checks would not work, so it might be possible to upload the file twice by mistake - that does not seem like a big deal, though. [1] http://etherpad.wikimedia.org/p/design-multimedia-uploader
I agree arbitrary EXIF stripping has all kinds of weird consequences - but I think the potential privacy benefit of enabling users to easily remove information that they do not want to disclose may make it worth it. Yes, this would be a nice problem to get a UX recommendation on.
